A Single Voice Command Is All It Takes, Inside China’s Alarming Robot Hijacking Experiments

The idea that robots can be safely controlled through friendly voice commands has long been marketed as a feature. In recent demonstrations in China, it has instead been revealed as a serious vulnerability.

At security tests and hacking competitions held during GEEKCon in Shanghai, researchers showed how commercially available humanoid and quadruped robots can be hijacked in minutes, sometimes using nothing more than spoken instructions or short range wireless connections. Once compromised, these machines were able to spread attacks to other robots nearby, raising urgent questions about safety, regulation, and the accelerating rollout of internet connected robots in public and industrial environments.

The experiments exposed just how fragile many modern robotic systems are beneath their polished exteriors. Unlike traditional computers, robots combine network access, artificial intelligence, mobility, and physical force. When security fails, the consequences extend beyond data loss into the real world.

From helpful assistant to physical threat

Cybersecurity specialists from the research group DARKNAVY demonstrated how flaws in AI driven control systems can allow attackers to seize full control of humanoid robots. In one controlled test, a commercially available humanoid robot manufactured by Unitree Robotics was compromised using spoken commands alone.

The robot, priced at around 100,000 yuan, was running an embedded large scale AI agent designed to manage autonomy and interaction. By exploiting weaknesses in that system while the robot was connected to the internet, researchers bypassed safeguards and gained root level access.

What followed was more unsettling than a single hacked machine. Using short range wireless communication, the compromised robot transmitted the exploit to a second robot that was not connected to the network. Within minutes, the second unit was also under external control, demonstrating how a single breach could cascade through a group of machines.

To underline the stakes, researchers issued a hostile command. The robot advanced toward a mannequin on stage and struck it, illustrating how a hijacked system could cause physical harm. The demonstration challenged the assumption that keeping robots offline provides meaningful protection, especially as clustered and cooperative robot deployments become more common.

Vulnerabilities hiding in plain sight

These findings build on earlier disclosures. In October, researchers revealed a Bluetooth vulnerability in Unitree robots that allowed attackers to gain wireless root access. Once compromised, a robot could silently spread malware to nearby units, forming what experts described as a robotic botnet.

At GEEKCon, other teams demonstrated attacks on smart glasses, drones, and large scale intelligent agents. The pattern was consistent. As systems grow more autonomous and interconnected, basic security oversights can have outsized consequences.

Unlike conventional cyberattacks, which usually target information or finances, compromised robots pose an immediate risk to people. A hacked machine does not just leak data. It moves, lifts, strikes, and navigates shared spaces.

Rising risks as robots move closer to people

At present, many intelligent robots are still confined to entertainment, exhibitions, corporate reception desks, and research labs. That is beginning to change. According to reporting from the South China Morning Post, robots are steadily expanding into infrastructure inspection, security patrols, healthcare support, and elderly care.

In domestic settings, a compromised household robot could quietly collect sensitive information or act unpredictably around children or vulnerable adults. In industrial environments, manipulated robots could damage equipment, halt production lines, or cause injuries. In transport and autonomous systems, the line between malfunction and deliberate weaponisation becomes dangerously thin.

What makes these risks especially troubling is the speed of compromise. Researchers involved in the demonstrations noted that some machines could be taken over in minutes, not hours or days, suggesting that security has lagged far behind capability.

Security as an afterthought

Experts argue that many of these problems stem from how robots are built. Connectivity and intelligence are prioritised, while security is often bolted on later, if at all. Voice interaction systems are treated as convenience features rather than potential attack surfaces. Wireless interfaces remain exposed. Default credentials and inadequate authentication persist in devices designed to operate autonomously in shared spaces.

To address this, specialists are calling for security to be embedded at every stage of development. Automated vulnerability scanning can remove obvious flaws early. Dedicated security frameworks and independent penetration testing are needed to uncover deeper weaknesses before robots reach consumers or critical workplaces.

Without those measures, the demonstrations in Shanghai may prove to be a warning rather than an anomaly. As robots move from novelty to necessity, the question is no longer whether they can be hacked. It is whether society is prepared for what happens when they are.

Photo Credit: DepositPhotos.com